In article <[log in to unmask]>, Ross Anderson
<[log in to unmask]> writes
>> it may be more easier to watch over one supplier's security &
>> confidentiality arrangements than it would be with six.
>
>Safety and privacy are attriibutes of end systems, not of the network (except
>insofar as safety includes the reliability aspects, and even there you benefit
>from being able to tear up your BT contract and moving to Mercury)

I have been 'listening' to this thread with interest.  Ross's point
above bears emphasising.  Health care professionals have an ethical duty
to protect their patient's safety and privacy which cannot be abrogated
to a company or a network.  Regardless of how 'safe' may be the network
we need to ensure that confidential information only leaves one secure
domain 'sealed' in a way that cannot be cracked till it reaches its
intended receiving secure domain.  That can be achieved by digital
authentication and encryption.  The network and all the comms protocols
(eg X400, SMTP, TCP, IP) ought to be transparent to this.

A further benefit is that we are then not locked in to any single
network provider.

On another point - it is important to distinguish between Email
(unstructured messages) and Electronic Data Interchange which implies
exchange of structured data carried on carefully designed electronic
forms.  EDIFACT provides those carefully designed forms.  In the UK the
NHS Trial Version 1 EDIFACT messages for Pathology, Radiology requests
and results, and for Hospital referrals and discharges have been
designed with heavy clinical input - i.e they are 'owned' by the
profession.  The EDIFACT standard continues to evolve and is now
additionally able to support the very authentication and encryption
alluded to above.  'Secure EDIFACT' is what the GP - Provider links
project (IMG project) intends to use for the exchange of all clinical
information.

So it is important not to go overboard and throw out EDIFACT with X400
and the NHSnet.  EDIFACT may not be perfect and there are alternatives
such as ASTM but at present EDIFACT looks the best.  It already happily
runs with Kermit and with X400.  In theory it could be carried by SMTP -
but hands up who would want to trust to the vagaries of MIME or
uuencoded attachments :-)

Why do we necessarily have to use the same comms protocol for Email as
for EDI?  After all, we think nothing about using http for the Web
because powerful applications such as Netscape and IE just sort it all
out for us transparently.

I am not persuaded by arguments for single solutions - but rather hanker
after empowering the individual to make choices


--
John Williams, Senior User GP / Provider Links Project
Email: [log in to unmask]
Fax:   01483 440928


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%